When using a card to make a purchase, the merchant passes the card number, other information from the card (such as the expiration date), the charge amount, and the merchant number to the card issuer to authorize the payment being requested by the customer. The authorization serves to verify the account while analyzing its current state for the purpose of producing a recommendation to the merchant as to whether they should accept or reject the purchase using the presented payment instrument.
When a purchase is being made at a “brick and mortar” (i.e., physical, real, storefront, offline) merchant, the card information for completing the authorization is captured by swiping the card through a card reader attached to a Point-of-Sale (POS) device. Such purchases are referred to as “card present” transactions. When the purchase is being made online or over the telephone, the customer enters or provides the card information to the merchant without the merchant ever seeing the customer or the card. These types of transactions are referred to as “card not present” transactions, and are characterized by a higher incidence of fraud than “card present” transactions. For online merchants in 2000, this rate was 10 times higher per volume than that experienced by other merchants. More to the point, fraud accounted for roughly 1.5% of total sales for online merchants as opposed to 0.1% for offline merchants. Because of the “card not present” condition, any reported incident of fraud for online commerce becomes the financial responsibility of the merchant, and not the issuer or customer. Thus, the fraudulent 1.5% of total sales is a direct cost, and thus a problem for merchants.
FIG. 1 illustrates the above online authorization process. The linear process includes a customer 102, a merchant 104, and a (debit, credit, charge or other payment) card issuer 106 with merchant 104 as the broker for the entire transaction. Merchant 104 collects all the information regarding the transaction from itself and customer 102, then requests the payment be authorized by issuer 106. The decision of card issuer 106 is returned to merchant 104 to complete the purchase (or if the authorization fails, merchant 104 will reject the customer payment). When faced with the fact that online merchant 104 never “sees” customer 102 or the card being used for the payment (i.e., “card not present”), it is understandable why merchant 104 is held completely responsible for any fraudulent transactions.
There are also several causal affects of fraud on online commerce and merchants. First, because of the cost associated with managing fraud, merchants'payment processors/providers assess a discount rate that is typically almost twice that applied to corresponding brick-and-mortar merchants. Taking this increased discount rate into account can amount to another 1.4% of loss for every online transaction in which a merchant engages in due to the manner in which such payments are being processed. Second, there are numerous surveys and reports that describe the resistance and hesitancy of many customers to participate in online commerce because of concerns around security, specifically fraudulent use of their card instruments. These concerns keep potential customers away from online merchants and reduce the potential volume that they might otherwise experience. Accordingly, a need therefore exist for a mechanism to reduce card transaction fraud.